AuthenticationChallengeCurl.cpp [plain text]
#include "config.h"
#include "AuthenticationChallenge.h"
#if USE(CURL)
#include "CurlContext.h"
#include "CurlResponse.h"
#include "ResourceError.h"
namespace WebCore {
AuthenticationChallenge::AuthenticationChallenge(const CurlResponse& curlResponse, unsigned previousFailureCount, const ResourceResponse& response, AuthenticationClient* client)
: AuthenticationChallengeBase(protectionSpaceFromHandle(curlResponse, response), Credential(), previousFailureCount, response, ResourceError())
, m_authenticationClient(client)
{
}
ProtectionSpaceServerType AuthenticationChallenge::protectionSpaceServerTypeFromURI(const URL& url, bool isForProxy)
{
if (url.protocolIs("https"))
return isForProxy ? ProtectionSpaceProxyHTTPS : ProtectionSpaceServerHTTPS;
if (url.protocolIs("http"))
return isForProxy ? ProtectionSpaceProxyHTTP : ProtectionSpaceServerHTTP;
if (url.protocolIs("ftp"))
return isForProxy ? ProtectionSpaceProxyFTP : ProtectionSpaceServerFTP;
return isForProxy ? ProtectionSpaceProxyHTTP : ProtectionSpaceServerHTTP;
}
ProtectionSpace AuthenticationChallenge::protectionSpaceFromHandle(const CurlResponse& curlResponse, const ResourceResponse& response)
{
if (!response.isUnauthorized() && !response.isProxyAuthenticationRequired())
return ProtectionSpace();
auto isProxyAuth = response.isProxyAuthenticationRequired();
const auto& url = isProxyAuth ? curlResponse.proxyUrl : response.url();
auto port = determineProxyPort(url);
auto serverType = protectionSpaceServerTypeFromURI(url, isProxyAuth);
auto authenticationScheme = authenticationSchemeFromCurlAuth(isProxyAuth ? curlResponse.availableProxyAuth : curlResponse.availableHttpAuth);
return ProtectionSpace(url.host().toString(), static_cast<int>(port ? *port : 0), serverType, parseRealm(response), authenticationScheme);
}
std::optional<uint16_t> AuthenticationChallenge::determineProxyPort(const URL& url)
{
static const uint16_t socksPort = 1080;
if (auto port = url.port())
return *port;
if (auto port = defaultPortForProtocol(url.protocol()))
return *port;
if (protocolIsInSocksFamily(url))
return socksPort;
return std::nullopt;
}
ProtectionSpaceAuthenticationScheme AuthenticationChallenge::authenticationSchemeFromCurlAuth(long curlAuth)
{
if (curlAuth & CURLAUTH_NTLM)
return ProtectionSpaceAuthenticationSchemeNTLM;
if (curlAuth & CURLAUTH_NEGOTIATE)
return ProtectionSpaceAuthenticationSchemeNegotiate;
if (curlAuth & CURLAUTH_DIGEST)
return ProtectionSpaceAuthenticationSchemeHTTPDigest;
if (curlAuth & CURLAUTH_BASIC)
return ProtectionSpaceAuthenticationSchemeHTTPBasic;
return ProtectionSpaceAuthenticationSchemeUnknown;
}
String AuthenticationChallenge::parseRealm(const ResourceResponse& response)
{
static NeverDestroyed<String> wwwAuthenticate(MAKE_STATIC_STRING_IMPL("www-authenticate"));
static NeverDestroyed<String> proxyAuthenticate(MAKE_STATIC_STRING_IMPL("proxy-authenticate"));
static NeverDestroyed<String> realmString(MAKE_STATIC_STRING_IMPL("realm="));
String realm;
auto authHeader = response.httpHeaderField(response.isUnauthorized() ? wwwAuthenticate : proxyAuthenticate);
auto realmPos = authHeader.findIgnoringASCIICase(realmString);
if (realmPos != notFound) {
realm = authHeader.substring(realmPos + realmString.get().length());
realm = realm.left(realm.find(','));
removeLeadingAndTrailingQuotes(realm);
}
return realm;
}
void AuthenticationChallenge::removeLeadingAndTrailingQuotes(String& value)
{
auto length = value.length();
if (value.startsWith('"') && value.endsWith('"') && length > 1)
value = value.substring(1, length - 2);
}
}
#endif